TCP Remoting

TCP Remoting

Docker Engine API can be published on TCP port

Unfortunately, too easy to publish without authentication

Certificate based server and client authentication is painful

Insecure dockerd enables host breakout


Do not open TCP without authentication

More later!

Demo: TCP Remoting 030_remoting/01_tcp

Test containerized

Run container with Docker:

docker run --name tcp \
    --detach \
    --privileged \
    --publish \
    docker:dind \
        dockerd --host tcp://

Use remote Docker over TCP:

docker --host tcp://:2375 version

Define remote Docker using environment variable:

export DOCKER_HOST=tcp://:2375
docker version